Security startup Dasient debuts Tuesday with a cloud-based service designed to detect malware on Web sites and quarantine it away from visitors prior to it being removed.

Dasient's three co-founders include two former Google employees, Neil Daswani, previously Google's security product manager, and software engineer Shariq Rizvi, along with Ameet Ranadive, whose background includes stints at consultancy McKinsey & Co. and HP. (The new company doesn't use job titles.)

The Web Anti-Malware service that Dasient is announcing makes use of Web crawlers and heuristics to automatically detect code that cybercriminals have loaded onto legitimate Web sites in order to download malware or push visitors to fraudulent sites. As a consequence, victimized sites infected by malware often end up on "blacklists" of suspected dangerous sites compiled by Google as well as security firms, including McAfee, Symantec, and WebSense, that have ways to watch for compromised sites.

It's "a challenging engineering problem," says Daswani of performing diagnostics on malware-infected sites and quarantining code without disrupting site use. The Dasient Web Anti-Malware service, which starts from $50 per month, is still in an "alpha" stage in some respects, especially the malware-quarantining capability, Dasient's co-founders acknowledge. The malware quarantining feature requires a Dasient software module to be installed on a Web server for protection.

The goal, the co-founders say, is to assist Web site managers in finding out where the malware problems are before they're on blacklists or to help them get off the blacklists, which disrupt business and drive customers away. The Dasient service can also be used by Web hosting providers to assist their customers.

There are millions of Web sites compromised each year. Family Communications, the Pittsburgh-based children's media non-profit founded by Fred Rogers, found out how devastating it can be to end up on a blacklist because of infected Web pages.

"Four or five months ago we were alerted to the fact that Google results was saying your Web site may have malicious code," says Kevin Morrison, COO at Family Communications, who said Google did send out an e-mail notice but didn't seem to be in a position to do much more than that.

The phone started ringing off the hook with callers asking what was going on, and Morrison says his Web site hosting provider couldn't really tell. Around the same time, Dasient contacted Family Communications to say it knew the site had been flagged by Google, they could help, and they did, showing exactly where bad code was embedded in Web pages, says Morrison.

"It had been hacked obviously," Morrison says. "We got the malicious code out of the way and suddenly we're OK on Google again," says Morrison, who adds his company has continued to be an early user of Dasient's Web Anti-Malware, though no more incidents have cropped up since.

Dasient retains close ties with Google — which itself faces many Web attacks daily, says Daswani -- but the co-founders declined to provide more detail.

The startup has received $2 million in funding from Maples Investment, Radar Partners, Stratton Sclavos and Eric Benhamou.

This story, "Ex-Googlers debut security service that flags malware on Web sites" was originally published by
Network World.